/[LeafOK_CVS]/lbbs/src/login.c
ViewVC logotype

Contents of /lbbs/src/login.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 1.64 - (show annotations)
Tue Nov 4 11:20:16 2025 UTC (4 months, 1 week ago) by sysadm
Branch: MAIN
Changes since 1.63: +5 -2 lines
Content type: text/x-csrc 
Update username check criteria to keep compatible with some special username (length = 3)
1 /***************************************************************************
2 login.c - description
3 -------------------
4 Copyright : (C) 2004-2025 by Leaflet
5 Email : leaflet@leafok.com
6 ***************************************************************************/
7
8 /***************************************************************************
9 * *
10 * This program is free software; you can redistribute it and/or modify *
11 * it under the terms of the GNU General Public License as published by *
12 * the Free Software Foundation; either version 3 of the License, or *
13 * (at your option) any later version. *
14 * *
15 ***************************************************************************/
16
17 #include "bbs.h"
18 #include "common.h"
19 #include "database.h"
20 #include "io.h"
21 #include "ip_mask.h"
22 #include "log.h"
23 #include "login.h"
24 #include "screen.h"
25 #include "user_priv.h"
26 #include <ctype.h>
27 #include <errno.h>
28 #include <stdlib.h>
29 #include <string.h>
30 #include <regex.h>
31 #include <unistd.h>
32 #include <mysql/mysql.h>
33 #include <sys/param.h>
34
35 static const int BBS_username_min_len = 3; // common len = 5, special len = 3
36 static const int BBS_password_min_len = 5; // legacy len = 5, current len = 6
37
38 int bbs_login(void)
39 {
40 char username[BBS_username_max_len + 1];
41 char password[BBS_password_max_len + 1];
42 int i = 0;
43 int ok = 0;
44
45 for (; !SYS_server_exit && !ok && i < BBS_login_retry_times; i++)
46 {
47 prints("\033[1;33m请输入帐号\033[m(试用请输入`\033[1;36mguest\033[m', "
48 "注册请输入`\033[1;31mnew\033[m'): ");
49 iflush();
50
51 if (str_input(username, sizeof(username), DOECHO) < 0)
52 {
53 continue;
54 }
55
56 if (strcmp(username, "guest") == 0)
57 {
58 load_guest_info();
59
60 return 0;
61 }
62
63 if (strcmp(username, "new") == 0)
64 {
65 display_file(DATA_REGISTER, 1);
66
67 return -1;
68 }
69
70 if (username[0] != '\0')
71 {
72 prints("\033[1;37m请输入密码\033[m: ");
73 iflush();
74
75 if (str_input(password, sizeof(password), NOECHO) < 0)
76 {
77 continue;
78 }
79
80 ok = (check_user(username, password) == 0);
81 iflush();
82 }
83 }
84
85 if (!ok)
86 {
87 display_file(DATA_LOGIN_ERROR, 1);
88 return -1;
89 }
90
91 log_common("User \"%s\"(%ld) login from %s:%d\n",
92 BBS_username, BBS_priv.uid, hostaddr_client, port_client);
93
94 return 0;
95 }
96
97 int check_user(const char *username, const char *password)
98 {
99 MYSQL *db = NULL;
100 MYSQL_RES *rs = NULL;
101 MYSQL_ROW row;
102 char sql[SQL_BUFFER_LEN];
103 int ret = 0;
104 int BBS_uid = 0;
105 char client_addr[IP_ADDR_LEN];
106 int i;
107 int ok = 1;
108 char user_tz_env[BBS_user_tz_max_len + 2];
109
110 db = db_open();
111 if (db == NULL)
112 {
113 ret = -1;
114 goto cleanup;
115 }
116
117 // Verify format
118 for (i = 0; ok && username[i] != '\0'; i++)
119 {
120 if (!(isalpha(username[i]) || (i > 0 && (isdigit(username[i]) || username[i] == '_'))))
121 {
122 ok = 0;
123 }
124 }
125 if (ok && (i < BBS_username_min_len || i > BBS_username_max_len))
126 {
127 ok = 0;
128 }
129 for (i = 0; ok && password[i] != '\0'; i++)
130 {
131 if (!isalnum(password[i]))
132 {
133 ok = 0;
134 }
135 }
136 if (ok && (i < BBS_password_min_len || i > BBS_password_max_len))
137 {
138 ok = 0;
139 }
140
141 if (!ok)
142 {
143 prints("\033[1;31m用户名或密码格式错误...\033[m\r\n");
144 ret = 1;
145 goto cleanup;
146 }
147
148 // Begin transaction
149 if (mysql_query(db, "SET autocommit=0") != 0)
150 {
151 log_error("SET autocommit=0 error: %s\n", mysql_error(db));
152 ret = -1;
153 goto cleanup;
154 }
155
156 if (mysql_query(db, "BEGIN") != 0)
157 {
158 log_error("Begin transaction error: %s\n", mysql_error(db));
159 ret = -1;
160 goto cleanup;
161 }
162
163 // Failed login attempts from the same source (subnet /24) during certain time period
164 strncpy(client_addr, hostaddr_client, sizeof(client_addr) - 1);
165 client_addr[sizeof(client_addr) - 1] = '\0';
166
167 snprintf(sql, sizeof(sql),
168 "SELECT COUNT(*) AS err_count FROM user_err_login_log "
169 "WHERE login_dt >= SUBDATE(NOW(), INTERVAL %d MINUTE) "
170 "AND login_ip LIKE '%s'",
171 BBS_login_failures_count_interval,
172 ip_mask(client_addr, 1, '%'));
173 if (mysql_query(db, sql) != 0)
174 {
175 log_error("Query user_list error: %s\n", mysql_error(db));
176 ret = -1;
177 goto cleanup;
178 }
179 if ((rs = mysql_store_result(db)) == NULL)
180 {
181 log_error("Get user_list data failed\n");
182 ret = -1;
183 goto cleanup;
184 }
185 if ((row = mysql_fetch_row(rs)))
186 {
187 if (atoi(row[0]) >= BBS_allowed_login_failures_within_interval)
188 {
189 prints("\033[1;31m来源存在多次失败登陆尝试,请稍后再试,或使用Web方式访问\033[m\r\n");
190 ret = 1;
191 goto cleanup;
192 }
193 }
194 mysql_free_result(rs);
195 rs = NULL;
196
197 // Failed login attempts against the current username since last successful login
198 snprintf(sql, sizeof(sql),
199 "SELECT COUNT(*) AS err_count FROM user_err_login_log "
200 "LEFT JOIN user_list ON user_err_login_log.username = user_list.username "
201 "LEFT JOIN user_pubinfo ON user_list.UID = user_pubinfo.UID "
202 "WHERE user_err_login_log.username = '%s' "
203 "AND (user_err_login_log.login_dt >= user_pubinfo.last_login_dt "
204 "OR user_pubinfo.last_login_dt IS NULL)",
205 username);
206 if (mysql_query(db, sql) != 0)
207 {
208 log_error("Query user_list error: %s\n", mysql_error(db));
209 ret = -1;
210 goto cleanup;
211 }
212 if ((rs = mysql_store_result(db)) == NULL)
213 {
214 log_error("Get user_list data failed\n");
215 ret = -1;
216 goto cleanup;
217 }
218 if ((row = mysql_fetch_row(rs)))
219 {
220 if (atoi(row[0]) >= BBS_allowed_login_failures_per_account)
221 {
222 prints("\033[1;31m账户存在多次失败登陆尝试,请使用Web方式登录解锁\033[m\r\n");
223 ret = 1;
224 goto cleanup;
225 }
226 }
227 mysql_free_result(rs);
228 rs = NULL;
229
230 snprintf(sql, sizeof(sql),
231 "SELECT UID, username, p_login FROM user_list "
232 "WHERE username = '%s' AND password = SHA2('%s', 256) AND enable",
233 username, password);
234 if (mysql_query(db, sql) != 0)
235 {
236 log_error("Query user_list error: %s\n", mysql_error(db));
237 ret = -1;
238 goto cleanup;
239 }
240 if ((rs = mysql_store_result(db)) == NULL)
241 {
242 log_error("Get user_list data failed\n");
243 ret = -1;
244 goto cleanup;
245 }
246 if ((row = mysql_fetch_row(rs)))
247 {
248 BBS_uid = atoi(row[0]);
249 strncpy(BBS_username, row[1], sizeof(BBS_username) - 1);
250 BBS_username[sizeof(BBS_username) - 1] = '\0';
251 int p_login = atoi(row[2]);
252
253 mysql_free_result(rs);
254 rs = NULL;
255
256 // Add user login log
257 snprintf(sql, sizeof(sql),
258 "INSERT INTO user_login_log(UID, login_dt, login_ip) "
259 "VALUES(%d, NOW(), '%s')",
260 BBS_uid, hostaddr_client);
261 if (mysql_query(db, sql) != 0)
262 {
263 log_error("Insert into user_login_log error: %s\n", mysql_error(db));
264 ret = -1;
265 goto cleanup;
266 }
267
268 // Commit transaction
269 if (mysql_query(db, "COMMIT") != 0)
270 {
271 log_error("Commit transaction error: %s\n", mysql_error(db));
272 ret = -1;
273 goto cleanup;
274 }
275
276 if (p_login == 0)
277 {
278 prints("\033[1;31m您目前无权登陆...\033[m\r\n");
279 ret = 1;
280 goto cleanup;
281 }
282 }
283 else
284 {
285 mysql_free_result(rs);
286 rs = NULL;
287
288 snprintf(sql, sizeof(sql),
289 "INSERT INTO user_err_login_log(username, password, login_dt, login_ip) "
290 "VALUES('%s', '%s', NOW(), '%s')",
291 username, password, hostaddr_client);
292 if (mysql_query(db, sql) != 0)
293 {
294 log_error("Insert into user_err_login_log error: %s\n", mysql_error(db));
295 ret = -1;
296 goto cleanup;
297 }
298
299 // Commit transaction
300 if (mysql_query(db, "COMMIT") != 0)
301 {
302 log_error("Commit transaction error: %s\n", mysql_error(db));
303 ret = -1;
304 goto cleanup;
305 }
306
307 prints("\033[1;31m错误的用户名或密码...\033[m\r\n");
308 ret = 1;
309 goto cleanup;
310 }
311
312 // Set AUTOCOMMIT = 1
313 if (mysql_query(db, "SET autocommit=1") != 0)
314 {
315 log_error("SET autocommit=1 error: %s\n", mysql_error(db));
316 ret = -1;
317 goto cleanup;
318 }
319
320 ret = load_user_info(db, BBS_uid);
321
322 switch (ret)
323 {
324 case 0: // Login successfully
325 break;
326 case -1: // Load data error
327 prints("\033[1;31m读取用户数据错误...\033[m\r\n");
328 ret = -1;
329 goto cleanup;
330 case -2: // Unused
331 prints("\033[1;31m请通过Web登录更新用户许可协议...\033[m\r\n");
332 ret = 1;
333 goto cleanup;
334 case -3: // Dead
335 prints("\033[1;31m很遗憾,您已经永远离开了我们的世界!\033[m\r\n");
336 ret = 1;
337 goto cleanup;
338 default:
339 ret = -2;
340 goto cleanup;
341 }
342
343 snprintf(sql, sizeof(sql),
344 "UPDATE user_pubinfo SET visit_count = visit_count + 1, "
345 "last_login_dt = NOW() WHERE UID = %d",
346 BBS_uid);
347 if (mysql_query(db, sql) != 0)
348 {
349 log_error("Update user_pubinfo error: %s\n", mysql_error(db));
350 ret = -1;
351 goto cleanup;
352 }
353
354 if (user_online_add(db) != 0)
355 {
356 ret = -1;
357 goto cleanup;
358 }
359
360 BBS_last_access_tm = BBS_login_tm = time(NULL);
361
362 // Set user tz to process env
363 if (BBS_user_tz[0] != '\0')
364 {
365 user_tz_env[0] = ':';
366 strncpy(user_tz_env + 1, BBS_user_tz, sizeof(user_tz_env) - 2);
367 user_tz_env[sizeof(user_tz_env) - 1] = '\0';
368
369 if (setenv("TZ", user_tz_env, 1) == -1)
370 {
371 log_error("setenv(TZ = %s) error %d\n", user_tz_env, errno);
372 return -3;
373 }
374
375 tzset();
376 }
377
378 cleanup:
379 mysql_free_result(rs);
380 mysql_close(db);
381
382 return ret;
383 }
384
385 int load_user_info(MYSQL *db, int BBS_uid)
386 {
387 MYSQL_RES *rs = NULL;
388 MYSQL_ROW row;
389 char sql[SQL_BUFFER_LEN];
390 int life;
391 time_t last_login_dt;
392 int ret = 0;
393
394 snprintf(sql, sizeof(sql),
395 "SELECT life, UNIX_TIMESTAMP(last_login_dt), user_timezone, exp, nickname "
396 "FROM user_pubinfo WHERE UID = %d",
397 BBS_uid);
398 if (mysql_query(db, sql) != 0)
399 {
400 log_error("Query user_pubinfo error: %s\n", mysql_error(db));
401 ret = -1;
402 goto cleanup;
403 }
404 if ((rs = mysql_store_result(db)) == NULL)
405 {
406 log_error("Get user_pubinfo data failed\n");
407 ret = -1;
408 goto cleanup;
409 }
410 if ((row = mysql_fetch_row(rs)))
411 {
412 life = atoi(row[0]);
413 last_login_dt = (time_t)atol(row[1]);
414
415 strncpy(BBS_user_tz, row[2], sizeof(BBS_user_tz) - 1);
416 BBS_user_tz[sizeof(BBS_user_tz) - 1] = '\0';
417
418 BBS_user_exp = atoi(row[3]);
419
420 strncpy(BBS_nickname, row[4], sizeof(BBS_nickname));
421 BBS_nickname[sizeof(BBS_nickname) - 1] = '\0';
422 }
423 else
424 {
425 ret = -1; // Data not found
426 goto cleanup;
427 }
428 mysql_free_result(rs);
429 rs = NULL;
430
431 if (life != 333 && life != 365 && life != 666 && life != 999 && // Not immortal
432 time(NULL) - last_login_dt > 60 * 60 * 24 * life)
433 {
434 ret = -3; // Dead
435 goto cleanup;
436 }
437
438 if (load_priv(db, &BBS_priv, BBS_uid) != 0)
439 {
440 ret = -1;
441 goto cleanup;
442 }
443
444 cleanup:
445 mysql_free_result(rs);
446
447 return ret;
448 }
449
450 int load_guest_info(void)
451 {
452 MYSQL *db = NULL;
453 int ret = 0;
454
455 db = db_open();
456 if (db == NULL)
457 {
458 ret = -1;
459 goto cleanup;
460 }
461
462 strncpy(BBS_username, "guest", sizeof(BBS_username) - 1);
463 BBS_username[sizeof(BBS_username) - 1] = '\0';
464
465 BBS_user_exp = 0;
466
467 strncpy(BBS_nickname, "Guest", sizeof(BBS_nickname));
468 BBS_nickname[sizeof(BBS_nickname) - 1] = '\0';
469
470 if (load_priv(db, &BBS_priv, 0) != 0)
471 {
472 ret = -1;
473 goto cleanup;
474 }
475
476 if (user_online_add(db) != 0)
477 {
478 ret = -1;
479 goto cleanup;
480 }
481
482 BBS_last_access_tm = BBS_login_tm = time(NULL);
483
484 cleanup:
485 mysql_close(db);
486
487 return ret;
488 }
489
490 int user_online_add(MYSQL *db)
491 {
492 char sql[SQL_BUFFER_LEN];
493
494 snprintf(sql, sizeof(sql),
495 "INSERT INTO visit_log(dt, IP) VALUES(NOW(), '%s')",
496 hostaddr_client);
497 if (mysql_query(db, sql) != 0)
498 {
499 log_error("Add visit log error: %s\n", mysql_error(db));
500 return -1;
501 }
502
503 if (user_online_del(db) != 0)
504 {
505 return -2;
506 }
507
508 snprintf(sql, sizeof(sql),
509 "INSERT INTO user_online(SID, UID, ip, current_action, login_tm, last_tm) "
510 "VALUES('Telnet_Process_%d', %d, '%s', 'LOGIN', NOW(), NOW())",
511 getpid(), BBS_priv.uid, hostaddr_client);
512 if (mysql_query(db, sql) != 0)
513 {
514 log_error("Add user_online error: %s\n", mysql_error(db));
515 return -3;
516 }
517
518 return 0;
519 }
520
521 int user_online_del(MYSQL *db)
522 {
523 char sql[SQL_BUFFER_LEN];
524
525 snprintf(sql, sizeof(sql),
526 "DELETE FROM user_online WHERE SID = 'Telnet_Process_%d'",
527 getpid());
528 if (mysql_query(db, sql) != 0)
529 {
530 log_error("Delete user_online error: %s\n", mysql_error(db));
531 return -1;
532 }
533
534 return 0;
535 }
536
537 int user_online_exp(MYSQL *db)
538 {
539 char sql[SQL_BUFFER_LEN];
540
541 // +1 exp for every 5 minutes online since last logout
542 // but at most 24 hours worth of exp can be gained in Telnet session
543 snprintf(sql, sizeof(sql),
544 "UPDATE user_pubinfo SET exp = exp + FLOOR(LEAST(TIMESTAMPDIFF("
545 "SECOND, GREATEST(last_login_dt, IF(last_logout_dt IS NULL, last_login_dt, last_logout_dt)), NOW()"
546 ") / 60 / 5, 12 * 24)), last_logout_dt = NOW() "
547 "WHERE UID = %d",
548 BBS_priv.uid);
549 if (mysql_query(db, sql) != 0)
550 {
551 log_error("Update user_pubinfo error: %s\n", mysql_error(db));
552 return -1;
553 }
554
555 return 0;
556 }
557
558 int user_online_update(const char *action)
559 {
560 MYSQL *db = NULL;
561 char sql[SQL_BUFFER_LEN];
562
563 if ((action == NULL || strcmp(BBS_current_action, action) == 0) &&
564 time(NULL) - BBS_current_action_tm < BBS_current_action_refresh_interval) // No change
565 {
566 return 0;
567 }
568
569 if (action != NULL)
570 {
571 strncpy(BBS_current_action, action, sizeof(BBS_current_action) - 1);
572 BBS_current_action[sizeof(BBS_current_action) - 1] = '\0';
573 }
574
575 BBS_current_action_tm = time(NULL);
576
577 db = db_open();
578 if (db == NULL)
579 {
580 log_error("db_open() error: %s\n", mysql_error(db));
581 return -1;
582 }
583
584 snprintf(sql, sizeof(sql),
585 "UPDATE user_online SET current_action = '%s', last_tm = NOW() "
586 "WHERE SID = 'Telnet_Process_%d'",
587 BBS_current_action, getpid());
588 if (mysql_query(db, sql) != 0)
589 {
590 log_error("Update user_online error: %s\n", mysql_error(db));
591 return -2;
592 }
593
594 mysql_close(db);
595
596 return 1;
597 }
webmaster@leafok.com
 ViewVC Help
Powered by ViewVC 1.3.0-beta1